Toolypet MCP
intermediate, 4 minutes, security

JWT Authentication Setup

Set up JWT-based authentication: generate tokens, create signing keys, and implement TOTP for 2FA.

Tags: jwt, authentication, totp, 2fa

When to use this recipe

Complete JWT authentication setup for web APIs. Combines token generation with 2FA for enhanced security, following OWASP best practices.

Steps

1. Create a secure signing key
   Prompt: Generate a 256-bit random secret in hex format for JWT signing

2. Create a signed JWT token
   Prompt: Generate a JWT with payload {sub: 'user123', role: 'admin'} using HS256 and the secret, expires in 1 hour

3. Verify the token structure
   Prompt: Decode the generated JWT to verify its header and payload

4. Set up two-factor authentication
   Prompt: Generate a TOTP secret for 2FA with issuer 'MyApp'
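The four steps above, carried out in plain Python as an added example: this is not the recipe's own tooling or output from the Toolypet MCP server. It uses only the standard library, so every function name is my own; the payload, HS256, the one-hour lifetime and the issuer 'MyApp' come from the prompts. It goes one step further than prompt 3: besides decoding the header and payload, it verifies the signature and expiry with the algorithm pinned, because a decoded token proves nothing until it has been verified. The TOTP part follows RFC 6238 (SHA-1, 30-second period, 6 digits), which is what authenticator apps expect.

```python
"""Added example (not part of the Toolypet recipe): the recipe's four steps
with the Python standard library only. All helper names are my own."""
import base64
import hashlib
import hmac
import json
import secrets
import struct
import time
from typing import Optional


def b64url(data: bytes) -> str:
    """Base64url without padding, as JWS (RFC 7515) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# Step 1: a 256-bit (32-byte) secret in hex, drawn from the OS CSPRNG.
def generate_hex_secret(num_bytes: int = 32) -> str:
    return secrets.token_hex(num_bytes)


# Step 2: an HS256 JWT carrying the payload plus iat/exp claims.
def create_jwt(payload: dict, secret_hex: str, ttl_seconds: int = 3600,
               now: Optional[int] = None) -> str:
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = dict(payload, iat=now, exp=now + ttl_seconds)
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = b64url(compact(header)) + "." + b64url(compact(claims))
    sig = hmac.new(bytes.fromhex(secret_hex), signing_input.encode("ascii"),
                   hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


# Step 3a: decode only. Useful for inspecting header and payload, but it
# trusts nothing; use verify_jwt before acting on any claim.
def decode_jwt(token: str) -> tuple:
    header_b64, payload_b64, _ = token.split(".")
    return (json.loads(b64url_decode(header_b64)),
            json.loads(b64url_decode(payload_b64)))


# Step 3b: verify. The algorithm is pinned server-side so the token cannot
# pick it, the MAC is compared in constant time, and exp is mandatory.
def verify_jwt(token: str, secret_hex: str, now: Optional[int] = None) -> dict:
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(bytes.fromhex(secret_hex),
                        f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if "exp" not in claims or now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


# Step 4: TOTP secret (base32, as authenticator apps expect), the otpauth
# URI to enrol a device, and RFC 6238 code generation/verification.
def generate_totp_secret(num_bytes: int = 20) -> str:
    return base64.b32encode(secrets.token_bytes(num_bytes)).decode("ascii")


def totp_uri(secret_b32: str, account: str, issuer: str = "MyApp") -> str:
    return (f"otpauth://totp/{issuer}:{account}?secret={secret_b32}"
            f"&issuer={issuer}&algorithm=SHA1&digits=6&period=30")


def totp_code(secret_b32: str, timestamp: int, period: int = 30,
              digits: int = 6) -> str:
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", timestamp // period)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def verify_totp(secret_b32: str, code: str, timestamp: int,
                window: int = 1) -> bool:
    """Accept the neighbouring periods too, to tolerate small clock drift."""
    return any(hmac.compare_digest(totp_code(secret_b32, timestamp + 30 * d), code)
               for d in range(-window, window + 1))


if __name__ == "__main__":
    secret = generate_hex_secret()
    token = create_jwt({"sub": "user123", "role": "admin"}, secret)
    print(token)
    print(decode_jwt(token))
    print(verify_jwt(token, secret)["sub"])
    otp_secret = generate_totp_secret()
    print(totp_uri(otp_secret, "user123"))
    print(totp_code(otp_secret, int(time.time())))
```

Step 1's secret goes straight into `create_jwt` as hex, so the same 32 bytes that were generated are the HMAC key; a hex string with fewer than 64 characters would be a weaker key than the prompt asks for.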

Frequently asked questions

Should I use HS256 or RS256 for JWT?

Use HS256 for simple setups where the same server both signs and verifies. Use RS256 for microservices, where other services verify tokens with the public key and never need the signing key.

How long should JWT tokens last?

Access tokens: 15 minutes to 1 hour. Refresh tokens: 7-30 days. Shorter lifetimes reduce the impact of token theft.

Related recipes